Computer Security Companies Boosting Internet Attacks

As most of you people might be aware, the computer security market is growing at a fast pace. Full disclosure of security vulnerabilities is done
by big security companies, to protect the financial world, the national infrastructure et cetera.

Security companies are, by almost everyone, portrayed as the good guys. The fact though is, because of their full disclosure of security
vulnerabilities, people are able to program so-called exploits, in order to gain access to computer systems. The security industry provides people
who are on the "dark side of the moon" with information at a rapid pace. Thus, this information is released for everyone to see. They do the
research for the "bad guys".

What does this matter? Well, because of this rate of access, more and more people with almost no knowledge are able to attack companies et cetera.
This means, an increased rate of attacks, and an increased rate of attacks gives what? Correct, more money to the security industry.

So, this is almost like releasing a virus, then fixing your own virus and making money while doing it.

The more legit security firms like Symantec and McAfee should start handing out certificates to security firms that comply with ethical behaviour, like
not immediately publishing source code, but giving the targeted software company time to release a patch...

It's both sides of the hacking community that bring the holes to light. Whitehats find holes and bugs as a hobby and are friendly enough to immediately
publicize their findings, so that software companies and security firms can fix the problems. In some cases, whitehats even give suggestions or full
code on how to fix the problem.

Blackhats post their findings on hacker sites and share their findings with each other so that they can boast about it, or sometimes because they know
that some hacker is looking for a specific way to get past a part of a system, for a project he is currently working on.

Rarely it's a security company that finds a bug or vulnerability, very rarely. Heck, why would they? Surfing the hacker sites and getting all the info
they need to run their business totally free is so much easier.

The only thing the security companies do is exploit the situation and plug holes they have been made aware of by the hackers, and sell software and
hardware to help shield exploitable systems from the open net.

Originally posted by thematrix
It's both sides of the hacking community that bring the holes to light. Whitehats find holes and bugs as a hobby and are friendly enough to immediately
publicize their findings, so that software companies and security firms can fix the problems. In some cases, whitehats even give suggestions or full
code on how to fix the problem.

Blackhats post their findings on hacker sites and share their findings with each other so that they can boast about it, or sometimes because they know
that some hacker is looking for a specific way to get past a part of a system, for a project he is currently working on.

Rarely it's a security company that finds a bug or vulnerability, very rarely. Heck, why would they? Surfing the hacker sites and getting all the info
they need to run their business totally free is so much easier.

The only thing the security companies do is exploit the situation and plug holes they have been made aware of by the hackers, and sell software and
hardware to help shield exploitable systems from the open net.

I worked for a network security firm at one point, McAfee specifically. They find most of their security holes by surfing hacker and exploit sites;
not only that, but to my knowledge they do always notify the software provider before they release information to the general public.

Yes, well, I have a friend at iDEFENSE and from what I've seen, they have their own research team which focuses on exploiting computer software. They have
also bought information from the "dark side".

Can't say, but to me it just seems as if we'd have fewer attacks if full disclosures weren't too much full disclosure. Some of my friends read the
full disclosures from the security community and code exploits afterward. That's how many of them work. Afterwards the exploits are released and
individuals without deeper knowledge execute them and gain access, more or less.
